Getting Data In

iplocation command not working

krish3
Contributor

Hi,

I am using splunk enterprise 6.0 and i used iplocation command on a index using the following command and it just returned the results fine.

index=idx1 sourcetype=access_combined ....| iplocation prefix=iploc_ allfields=true clientip

Now I am using the same command on different index and different sourcetype its not working.

index=idx2 sourcetype="access_*" .... | iplocation clientip

There are no interesting fields column in the search results page?? Any idea why is this happening.
Thanks,

0 Karma

hagjos43
Contributor

Splunk 6.1 has changed the iplocation a bit.

.... | iplocation clientip | stats count by Country, Region

works natively now 🙂

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...